Reddit.com: How do YOU sanitize input?
Note: This article was originally published at PHPDeveloper on 4 November 2011.
On Reddit.com there's a recent post that asks the question "How do YOU sanitize input in your PHP applications?"
I am developing some software for my high school using HTML, CSS, MySQL, and most importantly PHP. [...] So I pose this question, what is YOUR favorite way to sanitize input for inserting, updating, or selecting from a database? Also, is there any way you prefer to verify that input is of a certain type, and only of that type, i.e., if you're expecting an int or a string, how would you make sure you are receiving one?
Answers on the post touch on things like:
- parametrised queries for databases
- sanitized versus "database-safe" input
- using PDO
- avoiding the false sense of security given by things like mysql_escape_string and mysql_real_escape_string
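As an added illustration of the points above and of the type-checking question in the post (this is example code written for this summary, not code from the Reddit thread or the PHPDeveloper article), the following PHP 8 script shows type validation with `filter_var`, an interpolated query kept only to show what a parametrised query replaces, and the PDO prepared-statement form. The `students` table, its `id` and `name` columns, the DSN, and the `DB_USER`/`DB_PASSWORD` credentials are placeholders chosen for the example.

```php
<?php
// Added example, not from the Reddit post or the original article.
// Assumes PHP 8 with the pdo_mysql and mbstring extensions, and a table
// `students` (id INT, name VARCHAR(100)); DSN and credentials are placeholders.
declare(strict_types=1);

// Type check: an id must be a positive integer and nothing else.
// filter_var() rejects "12abc", "1.5", "" and, via min_range, 0 and negatives.
function validateId(mixed $raw): int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    return $id;
}

// Business validation for a name. This limits what the application accepts;
// it is NOT what makes the SQL safe (the prepared statement does that).
function validateName(mixed $raw): string
{
    if (!is_string($raw)) {
        throw new InvalidArgumentException('name must be a string');
    }
    $name = trim($raw);
    if ($name === '' || mb_strlen($name) > 100 || !preg_match('/^[\p{L} \'\-]+$/u', $name)) {
        throw new InvalidArgumentException('name has unexpected length or characters');
    }
    return $name;
}

// "Database-safe" by escaping: the value is pasted into the SQL text, so
// correctness depends on quoting every value and on the connection charset.
// Shown for contrast only; not called below.
function findStudentByEscaping(PDO $db, string $name): array
{
    $sql = "SELECT id, name FROM students WHERE name = " . $db->quote($name);
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Parametrised query: SQL text and values travel separately, so a value can
// never alter the query structure whatever characters it contains.
function findStudent(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM students WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Typed binding for an update; returns the number of affected rows.
function updateStudent(PDO $db, int $id, string $name): int
{
    $stmt = $db->prepare('UPDATE students SET name = :name WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->rowCount();
}

// Placeholder connection. charset in the DSN and emulated prepares disabled,
// so MySQL itself binds the parameters server-side.
$db = new PDO(
    'mysql:host=localhost;dbname=school;charset=utf8mb4',
    'DB_USER',
    'DB_PASSWORD',
    [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]
);

try {
    $id   = validateId($_GET['id'] ?? null);
    $name = validateName($_POST['name'] ?? null);
    updateStudent($db, $id, $name);
    foreach (findStudent($db, $name) as $row) {
        echo htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), "\n";
    }
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo 'Invalid input';
}
```

Two design points: validation answers "is this the type and shape I expect?" and happens first, while the prepared statement answers "can this value change my query?" and does not depend on validation having run. Turning off `PDO::ATTR_EMULATE_PREPARES` matters with MySQL because emulated prepares fall back to client-side escaping that relies on the connection charset, which is the same weak spot the thread raises for `mysql_real_escape_string`.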